
22 matches found

Vulnrichment
• added 2026/05/08 7:12 p.m. • 5 views

CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...

7.2 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, References: 3

NVD
• added 2026/04/29 11:16 p.m. • 8 views

CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1 CVSS, 0.00442 EPSS
Exploits: 0, References: 3

CVE
• added 2026/04/29 10:13 p.m. • 13 views

CVE-2026-7381

Plack::Middleware::XSendfile (Perl)

9.1 CVSS, 5.5 AI score, 0.00442 EPSS
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
• added 2026/04/24 12:0 a.m. • 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch...

5.5 AI score
Exploits: 0, References: 2

NVD
• added 2026/03/08 11:15 a.m. • 10 views

CVE-2026-3729

A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and...

9 CVSS, 0.00632 EPSS
Exploits: 1, References: 5

Tenable Nessus
• added 2026/01/19 12:0 a.m. • 3 views

MiracleLinux 8 : samba-4.11.2-13.el8 (AXSA:2020-904:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-904:04 advisory. samba: Combination of parameters and permissions can allow user to escape from the share path definition CVE-2019-10197 samba: smb client vulnerable ...

9.1 CVSS, 8.4 AI score, 0.03515 EPSS
Exploits: 0, References: 4

NVD
• added 2025/09/29 9:15 a.m. • 4 views

CVE-2025-10341

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

6.1 CVSS, 0.00221 EPSS
Exploits: 0, References: 1

Tenable Nessus
• added 2025/05/28 12:0 a.m. • 11 views

FreeBSD : grafana -- XSS vulnerability (45eb98d6-3b13-11f0-97f7-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 45eb98d6-3b13-11f0-97f7-b42e991fc52e advisory. [email protected] reports: A cross-site scripting XSS vulnerability exists in Grafana caused by...

7.6 CVSS, 7.8 AI score, 0.97809 EPSS
Exploits: 6, References: 3

OSV
• added 2025/05/26 7:12 a.m. • 8 views

BIT-GRAFANA-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6 CVSS, 5.6 AI score, 0.97809 EPSS
Exploits: 6, References: 4

OSV
• added 2025/05/22 9:33 a.m. • 3 views

GHSA-Q53Q-GXQ9-MGRJ Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6 CVSS, 5.6 AI score, 0.97809 EPSS
Exploits: 6, References: 7

Github Security Blog
• added 2025/05/22 9:33 a.m. • 21 views

Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6 CVSS, 6.8 AI score, 0.97809 EPSS
Exploits: 6, References: 7, Affected Software: 1

NVD
• added 2025/05/22 8:15 a.m. • 30 views

CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6 CVSS, 0.97809 EPSS
Exploits: 6, References: 3

Vulnrichment
• added 2025/05/22 7:44 a.m. • 5 views

CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6 CVSS, 6.9 AI score, 0.97809 EPSS
Exploits: 6, References: 2

Cvelist
• added 2025/05/22 7:44 a.m. • 34 views

CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6 CVSS, 0.97809 EPSS
Exploits: 6, References: 2

CVE
• added 2025/05/22 7:44 a.m. • 412 views

CVE-2025-4123

Grafana OSS is affected by CVE-2025-4123, a cross-site scripting (XSS) flaw caused by a combination of client path traversal and an open redirect. The issue does not require editor permissions; it can be triggered when anonymous access is enabled, causing arbitrary JavaScript execution in the use...

7.6 CVSS, 6.9 AI score, 0.97809 EPSS
In wild, Exploits: 6, References: 3, Affected Software: 1

ATTACKERKB
• added 2025/05/22 12:0 a.m. • 1415 views

CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

9 CVSS, 5.5 AI score, 0.97809 EPSS
In wild, Exploits: 7, References: 10

RedhatCVE
• added 2025/05/15 4:14 a.m. • 19 views

CVE-2025-4123

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6 CVSS, 5.8 AI score, 0.97809 EPSS
Exploits: 6, References: 4

AstraLinux
• added 2025/02/11 7:35 a.m. • 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: Resets cid to connum – 1 to remain within bounds. In the function initconns, after the createcon and createcm calls for the loop, if something fails. During the cleanup phase of the loop, after the destroy tag, we...

7.8 CVSS, 6.4 AI score, 0.00245 EPSS
Exploits: 0, References: 3

OSV
• added 2024/12/18 4:15 p.m. • 4 views

CVE-2024-47119

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client...

7.5 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 1

CNNVD
• added 2024/11/15 12:0 a.m. • 3 views

Farmacia injection vulnerability

Farmacia is a content management system from code-projects. An injection vulnerability exists in code-projects Farmacia version 1.0, which stems from an SQL injection vulnerability contained in the id parameter of the /editar-cliente.php file...

9.8 CVSS, 7 AI score, 0.00686 EPSS
Exploits: 1, References: 5